CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2CVE-2003-1469 – Macromedia ColdFusion MX 6.0 - Error Message Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22544 http://securityreason.com/securityalert/3307 http://www.nii.co.in/vuln/pdmac.html http://www.securityfocus.com/archive/1/319867 http://www.securityfocus.com/bid/7443 https://exchange.xforce.ibmcloud.com/vulnerabilities/11879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1CVE-2002-1700 – ColdFusion MX - Missing Template Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1700
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. • https://www.exploit-db.com/exploits/21548 http://online.securityfocus.com/archive/1/277487 http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 http://www.securityfocus.com/bid/5011 https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1309
https://notcve.org/view.php?id=CVE-2002-1309
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. Desbordamiento de búfer en el mecanismo de manejo de errores del manejador de IIS ISAPI en Macromedia ColdFusion 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET con un nombre de fichero .cfm largo. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html http://marc.info/?l=bugtraq&r=1&b=200211&w=2 http://www.eeye.com/html/Research/Advisories/AD20021112.html •